Displaying 6 results from an estimated 6 matches for "svitla5".
Did you mean:
svitla3
2020 Jul 14
3
Authentication with trusted credentials
Hai,
?
Sorry for the late(r) reply but we all need to sleep also sometimes.? ;-)
note, i saw its fixed, but i'll do comment a bit through your replies.
?
?
mainly because of this part
?
this part.? (Sended: monday 13 juli 2020 18:51)
> net ads join -U administrator at SVITLA3.ROOM
> Enter administrator at SVITLA3.ROOM's password:
> Using short domain name -- SVITLA3
>
2020 Jul 16
0
Authentication with trusted credentials
...NFSv4 kerberized.
Whats used here, samba winbind libnss-pam libpam-winbind krb5-user (for the packages) thats all you need.
Now your lines :
Works Yes: Jul 16 11:23:48 uc-sssdlbox20 sshd[2048]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.1 user=SVITLA5.ROOM\test01
Works Not: Jul 16 11:24:01 uc-sssdlbox20 sshd[2157]: Invalid user APEX.CORP\\jake from 10.0.0.1 port 62970
And i noticed this :
OK: sshd[2048]: pam_sss(sshd:auth)
Wrong: sshd[2157]: pam_unix(sshd:auth)
I would gamble on these..
/etc sssd ? Somewhere, i really dont know, never...
2020 Jul 16
2
Authentication with trusted credentials
...wrong setting in sssd, but i dont know sssd )
> I know this is one of your REALMs and not the domain.
>
>
> Now your lines :
> Works Yes: Jul 16 11:23:48 uc-sssdlbox20 sshd[2048]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.1 user=SVITLA5.ROOM\test01
> Works Not: Jul 16 11:24:01 uc-sssdlbox20 sshd[2157]: Invalid user APEX.CORP\\jake from 10.0.0.1 port 62970
> And i noticed this :
> OK: sshd[2048]: pam_sss(sshd:auth)
> Wrong: sshd[2157]: pam_unix(sshd:auth)
>
>
> ## Mapped ids from the domain SAMDOM and (...
2020 Jul 16
0
Authentication with trusted credentials
...nt know sssd )
> > I know this is one of your REALMs and not the domain.
> >
> >
> > Now your lines :
> > Works Yes: Jul 16 11:23:48 uc-sssdlbox20 sshd[2048]: pam_sss(sshd:auth):
> authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.1
> user=SVITLA5.ROOM\test01
> > Works Not: Jul 16 11:24:01 uc-sssdlbox20 sshd[2157]: Invalid user
> APEX.CORP\\jake from 10.0.0.1 port 62970
> > And i noticed this :
> > OK: sshd[2048]: pam_sss(sshd:auth)
> > Wrong: sshd[2157]: pam_unix(sshd:auth)
> >
> >
> > ##...
2020 Jul 21
2
Authentication with trusted credentials
...oves
this fact.
I can access a file share located on trusted side by authenticated trusted
account.
I don't understand about this default mapping. How does it work in my case?
As I understood mapping configuration in smb.conf it is based on realm
names in krb5.conf. My krb5.conf includes only SVITLA5.ROOM realm. If I add
appropriate mapping for APEX.CORP authentication doesn't work because
krb5.conf doesn't know about APEX.CORP. If I add APEX.CORP to krb5.conf
authentication process happens by different way without involving Samba DC.
Probably I could configure krb5.conf in specific wa...
2020 Jul 20
3
Authentication with trusted credentials
Point #1: is not correct.
Why is Jake getting an ID from * Range and not APEX range. ?
That need to be found first
Run: net cache flush
Restart samba. : systemctl restart smbd winbind nmbd (and/or sssd is you use that)
wbinfo --all-domains -ug
id jake
getent passwd jake
Any improvement?
> if you have set: APEX:backend = ad
Yes, and did you assign an UID/GID after you changed RID to